Yesterday UCISA published the Information Security Management Toolkit, which provides guidance to higher education institutions wishing to establish systems to manage information security. Authors from across the sector contributed to the content, including Andrew Cormack and myself from Jisc.
The Government has published its proposed guidance to universities, colleges and other specified authorities on what they will be expected to do to satisfy their duty under the Counter-Terrorism and Security Act 2015 to "have due regard to the need to prevent people from being drawn into terrorism".
I'll be presenting a workshop and discussion session on 'From Mobile Device Policy to BYOD' at Jisc's Digifest on Monday 9th March. Come along and hear why Bring Your Own Device may not be as scary as you think.
My slides are now published on SlideShare.
Next month I'll be going to an academic conference on Google Spain and the "Right to be Forgotten" (actually, "right to be delinked") so I thought I'd better organise my thoughts on why, as a provider and user of communications and information services, the decision worries me. And I am much more worried by the decision itself and the train of proposed law it seems to have created than by how Google has responded.
The Counter-Terrorism and Security Act 2015, which received Royal Assent last week, has some network-related provisions among its various powers relating to terrorism. Section 21 adds further "relevant internet data" to the list of information that public telecommunications operators may be required to retain about the use of their networks and systems.
The undertaking that Google has recently made to the UK Information Commissioner's Office (ICO) provides some idea of the complexity of negotiations that have been going on between the company and various European data protection regulators over the past couple of years.
Tilmann Haak's presentation at this week's TF-CSIRT/FIRST meeting was on incorporating security requirements into software development processes using agile methods, but his key points seem relevant to any style of software or system development:
I've done a couple of presentations this week, comparing the risks and benefits of Bring Your Own Device (BYOD) with those that research and education organisations already accept in the ways we use organisation-managed mobile devices. As the title of my talk in Dundee asked, "What’s the Difference?"
During a recent conversation about learning analytics it occurred to me that it might be helpful to analyse how universities use student data in terms of the different justifications provided by UK and European Data Protection Law.